Hi.
We are about to make some changes to our network setup and I have been
put in charge of compiling some documentation on how to best set up our
new network environment.
We will be using a Cisco firewall box and a 3-leg perimeter network
setup with ISA server. So far so good.
I have been administering a similar setup in my previous job where we
used to go for public ip addresses for the publicly accessible servers in
the ISA DMZ - my opinion is that the public ip address scheme gives
easier administration in both the Cisco and in the ISA server in terms
of rules and troubleshooting, but I can't seem to convince my boss about
this. He wants to go for a single public ip address and then use NAT for
the servers, i.e. translate requests based on ports and forward to the
appropriate servers on the network.
I have heard that the NAT solution provides a slightly more secure setup
because the 'outside' cannot see or know the actual servers' ip address on
the network, but is the advantage of using the NAT solution big enough
versus the easier administration with the public ip address scheme?
I mean, we have a Cisco hardware box and an ISA server 2006 between our
DMZ and the Internet.
Thanks in advance for any input!
--
Best regards,
Thomas Moeller Nexoe
--------------------------------------
Website:
http://www.winfrastructure.dk
Blog:
http://www.winfrastructure.net